THE GLOBAL IT outage could provide a payday bonanza for cyber criminals hoping to cash in on confusion and uncertainty, experts warned last night.
It follows reports of a surge of adverts on social media platforms and in email inboxes promising to “fix” issues caused by CrowdStrike’s faulty antivirus update on Friday.
One advert posted by a scammer read simply: “Is your computer affected by Crowdstrike? We can help you fix it for $200” – even though, in reality, they are not in a position to effect any remedies.
Others have already begun to set up fake “CrowdStrike support” domain names to hook in the company’s customers and anyone who might be impacted by the chaos.
Friday’s IT outage left the world reeling, with planes grounded, GP surgeries unable to deal with appointments and contactless payment unavailable at tills and petrol pumps.
According to Microsoft, which was not responsible for the bug, an estimated 8.5 million Windows devices were affected.
And though the cyber security company – which was valued at £65bn just last week – has already issued a remedy, it will take at least a week before all systems are fully back to normal.
This is because the software is located deep within computer systems and requires system administrators to remove it.
“Simply put, software like that is designed to keep employers’ sticky fingers from removing it,” said cyber expert Dr Ian Batten, from the University of Birmingham.
“But this will not stop cyber criminals from trying to profit.”
Last week, millions of private and corporate subscribers of Microsoft 365 also experienced outages after the software titan’s Azure cloud experienced unrelated technical issues.
“The problem is that if you are Mrs Miggins working from home and your computer is playing up, you could assume you are also affected by CrowdStrike – even though CrowdStrike mainly has corporate clients,” he said.
“It’s all about sowing uncertainty.
“Anything which causes uncertainty about computing security allows people to both make money out of fear, and also to use the fear as a stepping stone to doing other things.”
The National Cyber Security Centre (NCSC) confirmed “that an increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation”.
CrowdStrike is also aware of the danger.
“We know that adversaries and bad actors will try to exploit events like this,” said its founder and CEO George Kurtz.
“I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”
The scale of the CrowdStrike outage has not been felt since the 2017 WannaCry ransomware attacks, which infected an estimated 230,000 computers across over 150 countries – and it will take a week until normal service is completely resumed across the UK, officials said.
Of the 1,500 flights which were grounded or delayed globally, 45 were at UK airports, affecting thousands of passengers on the busiest flight day of the year.
A spokeswoman for the Association of British Insurers said: “In the first instance, refunds should be sought from the airline, accommodation provider or tour operator and any bookings made through a credit card may also have recoverable cost protection.”
Last night Transport Secretary Louise Haigh said IT systems at airports were “back up and working normally”, though airports continued to ask passengers to check with airlines for issues before turning up for flights, with huge queues reported at Heathrow and Gatwick airport help desks.
NHS England has reported that its systems are “coming back online in most areas” but “still running slightly slower than usual” and warned of “continued disruption” to GP services into next week.
“The advice for tomorrow (Mon) remains that patients should attend appointments as normal unless told otherwise,” said a spokesman.
A Whitehall source confirmed: “We expect most services to have fully resumed by the end of the week.”